Skip to main content

Update on Microsoft Security Flaw

Posted Date: 14 May 2019

Effective Date: 14 May 2019

On May 14, Microsoft announced a major security flaw: CVE-2019-0708. Since learning of the vulnerability, Northwestern IT immediately began assessing the exposure of campus systems and has not detected any exploits to date at the University.

The vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – and allows an unauthenticated attacker to connect to target systems using Remote Desktop Protocol (RDP). An attacker who successfully exploits this vulnerability could install malicious programs; view, change, or delete data; or create new accounts with full user rights. 

The vulnerability affects Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003 operating systems, for which Microsoft long ago stopped providing security updates.

 

End User Impact

The advice for remediation is the same for all users, system administrators, and those in managed environments:

It is extremely important to apply the latest patches, which are available as of 5/15/19. This includes Windows operating systems on home and Northwestern devices (desktops, laptops and servers).

Please direct any questions about the information in this message to the IT Support Center at 847-491-4357 (1-HELP) or consultant@northwestern.edu.

Back to top